Replaced mbedtls_ssl_safer_memcmp with mbedtls_platform_memcmp

Saves some bytes and mbedtls_platform_memcmp is a bit safer for side channel attacks.
2019-10-04 07:49:39 +03:00 · 2019-10-04 07:49:39 +03:00 · 707ceb88f0
commit 707ceb88f0
parent 650343cdcd
8 changed files with 11 additions and 32 deletions
--- a/library/ssl_cli.c
+++ b/library/ssl_cli.c
@ -1152,9 +1152,9 @@ static int ssl_parse_renegotiation_info( mbedtls_ssl_context *ssl,
        /* Check verify-data in constant-time. The length OTOH is no secret */
        if( len    != 1 + ssl->verify_data_len * 2 ||
            buf[0] !=     ssl->verify_data_len * 2 ||
-            mbedtls_ssl_safer_memcmp( buf + 1,
+            mbedtls_platform_memcmp( buf + 1,
                          ssl->own_verify_data, ssl->verify_data_len ) != 0 ||
-            mbedtls_ssl_safer_memcmp( buf + 1 + ssl->verify_data_len,
+            mbedtls_platform_memcmp( buf + 1 + ssl->verify_data_len,
                          ssl->peer_verify_data, ssl->verify_data_len ) != 0 )
        {
            MBEDTLS_SSL_DEBUG_MSG( 1, ( "non-matching renegotiation info" ) );